Headline
CVE-2021-45089: SES Evolution server access check bypass (CVE-2021-45089)
Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control.
Advisory ID: STORM-2021-071
CVE Number: CVE-2021-45089
Date discovered: 09/17/2021
Severity: medium
Advisory revision: v1
Vulnerability details
An unspecified vulnerability in SES Evolution could allow an authenticated user to deny access to some functionalities of the administration console.
Impacted products
Products: Stormshield Endpoint Security
Severity: medium
Detail: SES is impacted
Revisions
Version: v1
Date: 12/21/2021
Description: Initial release
Stormshield Endpoint Security
CVSS v3.1 Overall Score: 6.1
Analysis
An attacker may trick a user connected to a machine where the SES Evolution console is installed into executing a malicious program in order to deny access to some functionalities for all users of the administration console.
Impacted version
- SES 2.0.0 to 2.1.1
Workaround solution
There is no workaround solution.
Solution
The 2.1.2 update fixes this vulnerability.
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability impact: High
CVSS Base score: 5.2
CVSS Vector: (AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)
Exploit Code Maturity: Unproven that exploit exists
Remediation Level: Official fix
Report Confidence: Confirmed
CVSS Temporal score: 4.5
CVSS Vector: (AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Confidentiality Requirement: Low
Integrity Requirement: Low
Availability Requirement: High
CVSS Environmental score: 6.1
CVSS Vector: (AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C/CR:L/IR:L/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)